The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.
The authors assessed trust in a company following a data breach as well as perceptions of individual and corporate responsibility for data security and also measured individual personality.
The authors found that individuals held companies more responsible for protecting private data and held companies even more responsible following a data breach. Further, perception of responsibility for a data breach significantly affected individuals’ response to a company’s attempt to rebuild trust. Finally, participant personality impacted perceptions of responsibility and trust in a company after a data breach.
Companies are held more responsible for protecting private data than are individuals. Thus, violation of this expectation insofar as a data breach may result in a psychological contract breach which explains reductions in trust in a company which has experienced a data breach. Further, the effect of company’s responses to a data breach depends on individuals’ perception of responsibility and personality. Thus, the best course of action following a data breach may vary across customers.
Companies should consider differences in customer perceptions when responding to a data breach.
Individuals differ in how responsible they feel a company is for data security. Further, those differences impact reactions to data breach responses from companies.
This paper explored personality as it impacts perceptions of corporate responsibility in data security. Further, the authors explore the role of perception of responsibility to determine the role of psychological contract breach in reduced trust after data breach.
This research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the US Government. The US Government is authorized to reproduce and distribute reprints for Government purposes not with standing any copyright notation here on.
Carre, J., Curtis, S. and Jones, D. (2018), "Ascribing responsibility for online security and data breaches", Managerial Auditing Journal, Vol. 33 No. 4, pp. 436-446. https://doi.org/10.1108/MAJ-11-2017-1693Download as .RIS
Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited